4.2 XML Wired Group Policy – EAP-TLS with Local Certificates
This profile sample shows a wired network profile used to connect to a network that uses Extensible Authentication Protocol Transport Level Security (EAP-TLS) certificates stored on the local machine for 802.1X authentication.
-
<?xml version="1.0" encoding="US-ASCII"?> <LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1"> <MSM> <security> <OneXEnforced>false</OneXEnforced> <OneXEnabled>true</OneXEnabled> <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> <EAPConfig> <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig" xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapMethodConfig"> <EapMethod> <eapCommon:Type>13</eapCommon:Type> <eapCommon:AuthorId>0</eapCommon:AuthorId> </EapMethod> <Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> <baseEap:Eap> <baseEap:Type>13</baseEap:Type> <eapTls:EapType> <eapTls:CredentialsSource> <eapTls:CertificateStore /> </eapTls:CredentialsSource> <eapTls:ServerValidation> <eapTls:DisableUserPromptForServerValidation>false</eapTls:DisableUserPromptForServerValidation> <eapTls:ServerNames /> </eapTls:ServerValidation> <eapTls:DifferentUsername>false</eapTls:DifferentUsername> </eapTls:EapType> </baseEap:Eap> </Config> </EapHostConfig> </EAPConfig> </OneX> </security> </MSM> </LANProfile>